tl;dr: How to block traffic between containers? A bridge & subnet each?

Dear all.

I have a host which masquerades all packages to/from containers, since I am restricted to one external IP address. Currently, the containers share a subnet and can hence communicate with each other. They have a veth each and share a bridge on the host side.

However, I want to fully control the traffic from/to/between the containers from the host (i.e., iptables/netfilter). Would having a subnet and a bridge on the host side per container be the most "elegant" way to gain full control over the traffic between containers? It feels a bit cumbersome/overkill.

Thanks in advance,
Lukas

(Please CC me directly, since I am not subscribed to lxc-users)
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
